
Re: [cobalt-users] access problem solved. -got it



Hi Carrie

OK, thanks - been hacked. OK, I'm going to find out
- what a t0rn rootkit is
- change passwords.
- kill telnet
and see if I can figure anything from the logs.
Our onsite guy is not a Linux guru; our stateside partner, who is, is away for a
few weeks.
I also will learn which logs to check.

Should I kill ssh in the meantime also?
Many, many thanks
gerald
gerald


> 
> Umm - hey Gerald, if your 'admin guy' is installing a t0rn rootkit on
> your server, then you need to fire his ass - your box has been hacked.
> Someone got in, installed SSH2 so they'd have a way to get into the
> machine - I really *don't* think that this was your admin guy - note
> how he uses ftp to get the 'wget' package first to make it easier to
> download the other packages. Wget is already installed on the Cobalts
> and your admin guy would know this.
> Then whoever it was installed the t0rn rootkit, which turned off ftp
> and telnet access so that only *he* could get into the machine via
> SSH2.
> 
> You've been hacked. Check your last log (by doing "last | less" from
> the command line, no quotes) to see if he left that intact so you can
> see who he logged in as.

> 
> CarrieB
-- 
Gerald Young    www.coolcat.net
 www.coolcoach.net - THE HOTTEST WAY TO LEARN -
-------------------------------------------------------------
Localhost: 10:23am  up 14:27,  3 users,  load average: 0.37, 0.10, 0.03
    Server:  5:47pm  up 343 days,  1:09,  1 user,  load average: 0.08, 0.02, 0.01

Word .doc's not accepted and automatically deleted
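
The "last | less" check suggested in the quoted reply, as an added example that is not part of the original thread: it filters `last` output down to logins from hosts you do not recognise and reports where the wtmp record begins. The function names, the sample lines and the addresses in them are constructed for illustration; an empty result does not clear the machine, since the reply notes the intruder may not have left the log intact.

```shell
#!/bin/sh
# Added example, not from the original thread. All sample data is constructed.

# Constructed `last` output used so the example runs offline.
sample_last() {
cat <<'EOF'
admin    pts/0        10.0.0.5         Tue Mar  6 09:12 - 09:40  (00:28)
root     pts/1        203.0.113.77     Mon Mar  5 23:51 - 00:30  (00:39)
admin    pts/0        10.0.0.5         Mon Mar  5 08:02 - 08:15  (00:13)
reboot   system boot  2.2.16C7         Sun Mar  4 07:00
root     pts/0        203.0.113.77     Sat Mar  3 02:14 - 02:20  (00:06)

wtmp begins Sat Mar  3 02:14:55 2001
EOF
}

# Read `last` output on stdin; $1 is a space-separated list of source hosts
# you expect. Prints "user host count" for every login from any other source.
unknown_logins() {
    awk -v known="$1" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        # Skip blank lines, reboot/shutdown pseudo-users and the trailer line.
        NF == 0 || $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" { next }
        {
            # Console logins have no host column, so field 3 is the weekday.
            host = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "console" : $3
            if (!(host in ok)) seen[$1 " " host]++
        }
        END { for (key in seen) print key, seen[key] }
    ' | sort
}

# Print the date on the "wtmp begins" trailer. A start date much later than
# you expect for this box suggests the login record was rotated or replaced.
wtmp_start() {
    sed -n 's/^wtmp begins //p'
}

# On a live system: last | unknown_logins "10.0.0.5"
echo "Logins from unrecognised sources (user host count):"
sample_last | unknown_logins "10.0.0.5"
echo "Login record starts: $(sample_last | wtmp_start)"
```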